[SECURITY] Fedora 42 Update: rust-muvm-0.4.1-5.fc42

Run programs from your system in a microVM...

[SECURITY] Fedora 43 Update: rust-muvm-0.4.1-5.fc43

Run programs from your system in a microVM...

EUVD-2020-8804

Malware in sbrugna...

EUVD-2020-19698

Malware in sbrugna...

CVE-2020-16843

In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on whi...

CVE-2020-27174

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...

libvirt security, bug fix, and enhancement update

9.5.0-7.0.1 - The path to the guest agent socket file can become too long and cause problems.rhbz2233744 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 9.5.0-7 - util: use 'stubDriverType' instead of just 'stubDriver' rhbz2074209 - util: add stub driver name to virPCIDevice object...

Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-003)

The version of microvm-kernel installed on the remote host is prior to 4.14.246-200.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-003 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...

Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-001)

The version of microvm-kernel installed on the remote host is prior to 4.14.252-207.481. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-001 advisory. A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to b...

Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-002)

The version of microvm-kernel installed on the remote host is prior to 4.14.246-199.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2MICROVM-KERNEL-4.14-2023-002 advisory. A flaw was found in the Linux kernel's implementation of wireless drivers using the...

MAL-2022-274 Malicious code in @firecracker-microvm/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8236413fb62d06e91b2b92e2f28c0616770da58942a69c29277bd2d2fb8d81f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @firecracker-microvm/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8236413fb62d06e91b2b92e2f28c0616770da58942a69c29277bd2d2fb8d81f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Design/Logic Flaw

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...

CVE-2020-27174

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host...

CVE-2020-16843

In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on whi...

CVE-2020-16843

In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on whi...

Design/Logic Flaw

In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on whi...

CVE-2020-16843

CVE-2020-16843 affects Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2. The issue is in the network stack, which can freeze under heavy ingress traffic, leading to a denial of service on a microVM configured with a single network interface and an availability problem for that interface....